Open Redirect in ionicabizau/parse-url
Jul 10th 2021
parse-url improperly handles the user input such as https:/\ and interprets it as a relative path. Backslashes after the protocol are accepted by browsers and treated as normal slashes, but parse-url reads them as the relative path, which could lead to SSRF, open redirects, or other unintended behavior.
🕵️♂️ Proof of Concept
// PoC.js const parseUrl = require("parse-url") console.log(parseUrl("http:/\ionicabizau.net/blog"))
As I tested it on runkit where you can see it in action where you will see the current output:
protocol: "ssh" port: null resource: "http" user: "" pathname: "/ionicabizau.net/blog" hash: "" search: "" href: "http:/ionicabizau.net/blog"
As you can see it interpreted the whole URL after \ as a relative path
based on the application, usage bypasses for SSRF, open redirection, and other unintended behavior
Similar CVE reports
CVE-2021-27515, CVE-2021-27516, huntr.dev report